
CISSP vs. the GSEC Certification

To help you decide which credential is right for you, consider these factors and points of comparison.

When deciding between the Certified Information Systems Security Professional (CISSP) certification and the Global Information Assurance Certification (GIAC) Security Essentials (GSEC) certification, there are a few factors to consider.

These two designations have different goals. The GSEC demonstrates technical mastery across a narrower space defined by 33 topic areas. The CISSP covers a much broader view of information security defined by 8 domains. Many characterize the GSEC as more technical, and the CISSP more managerial. The GSEC is open book, while the CISSP is not – no materials are allowed in the testing center during any (ISC)² examination.

The International Information System Security Certification Consortium, (ISC)², which began in 1989 as a non-profit, is the organization behind the CISSP. It launched the CISSP certification in 1994 and has 136,480 certified professionals worldwide as of May 31, 2019. The Global Information Assurance Certification (GIAC) is a certificate program founded under the SANS Institute (officially the Escal Institute of Advanced Technologies), a United States-based for-profit company founded in 1989, focused on selling cybersecurity training and certificates.

Certifications serve the purpose of demonstrating knowledge, skills and abilities (KSAs) to prospective employers. As mentioned previously, the CISSP is broad in scope. If the KSAs to be tested are technical in nature, rather than industry-wide, then the (ISC)² Systems Security Certified Practitioner (SSCP) is more comparable to the GSEC. The SSCP's focus is to demonstrate that candidates have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures established by cybersecurity experts.

The GSEC certification does not have an experience requirement, unlike the CISSP, which requires five years. The GSEC does not require membership in the SANS Institute or an Annual Maintenance Fee (AMF). This could save a candidate $125 per year (the cost of (ISC)²’s AMF); however, the GSEC is only valid for four years, at which time the exam must be retaken to recertify at a cost of $1,899. Optionally, you may collect 36 Continuing Professional Education (CPE) credits over the four years the GSEC is active and pay $429 to renew for an additional 4 years.

In summary, research into the position(s), type of job and work being sought should factor into the decision. Most jobs require, or at least prefer, a CISSP, as it matches skills and knowledge in more types of work in the industry. Some jobs expect a candidate to arrive with certain technical capabilities on day one, and therefore may prefer a GSEC certification. One designation is not better than the other; they are different. Ideally, a candidate would have both; perhaps the CISSP is more valuable to complete first, then add the GSEC to additionally demonstrate hands-on skills.
